V3.co.uk

RSA: Slimmed down malware attacks boost infection rate

Infections becoming more targeted and elusive

Concept image representing virus malware
0 Comments

Increasingly specialised and sophisticated malware attacks are taxing security vendors by making it harder to catch and prevent infections.

The growth of targeted attacks and advanced persistent threats, combined with increased use of obfuscation techniques is reducing the window in which firms can detect attacks, say researchers.

Andrew Brandt, director of threat research for Solera Networks, told V3 that in addition to the use of targeted attacks with specially-crafted pages and messages that increase the likelihood of an infection, popular web exploit kits have employed techniques that collect system and address information.

The collected information is then used to alter the attack kits behaviour after the first visit, limiting the ability for security researchers to make multiple visits to an attack site and gather data which can be used to block malware or warn users of the attack site.

"There are a lot of intrusion detection systems that were able to get the signatures quickly, but now once you trip a wire, [attack sites] throw the wall up," Brandt explained.

"We have had to come up with new techniques to do research."

The increasing sophistication of attacks was also part of the reason Solera has increased the performance of its packet analysis tools.

The company's Real-Time File Extractor will reduce the time needed to analyse traffic and highlight suspicious activity from more than one minute to a matter of one to two seconds, the firm claimed.

By speeding up the packet analysis platform, Brandt said that the platform can now detect and block modern attack kits which average infection times of anywhere from 20 to 45 seconds.

Further reading

V3 Latest